diff --git a/HISTORY.rst b/HISTORY.rst index 44bfc4b..95931c4 100644 --- a/HISTORY.rst +++ b/HISTORY.rst @@ -1,6 +1,14 @@ History ======= +0.14.0.dev0: 2019-07-01 +----------------------- + +- Dropped winrm support. The kerberos context is now attached to response + objects so applications like winrm can be implemented external to + requests-kerberos. +- Corrected a concurrency issue exposed by threaded applications. + 0.12.0: 2017-12-20 ------------------------ diff --git a/requests_kerberos/__init__.py b/requests_kerberos/__init__.py index 63c7db5..0b3c757 100644 --- a/requests_kerberos/__init__.py +++ b/requests_kerberos/__init__.py @@ -22,4 +22,4 @@ __all__ = ('HTTPKerberosAuth', 'MutualAuthenticationError', 'REQUIRED', 'OPTIONAL', 'DISABLED') -__version__ = '0.13.0.dev0' +__version__ = '0.14.0.dev0' diff --git a/requests_kerberos/kerberos_.py b/requests_kerberos/kerberos_.py index c248ada..c1371d7 100644 --- a/requests_kerberos/kerberos_.py +++ b/requests_kerberos/kerberos_.py @@ -185,7 +185,7 @@ def __init__( self.cbt_binding_tried = False self.cbt_struct = None - def generate_request_header(self, host, request=None, response=None, is_preemptive=False): + def generate_request_header(self, response, host, request=None, is_preemptive=False): """ Generates the GSSAPI authentication token with kerberos. @@ -262,7 +262,7 @@ def authenticate_user(self, response, **kwargs): host = urlparse(response.url).hostname try: - auth_header = self.generate_request_header(host, response=response) + auth_header = self.generate_request_header(response, host) except KerberosExchangeError: # GSS Failure, return existing response return response @@ -426,13 +426,32 @@ def deregister(self, response): """Deregisters the response handler""" response.request.deregister_hook('response', self.handle_response) + def wrap_winrm(self, host, message): + raise NotImplementedError( + "WinRM encryption is no longer supported. The established " + "kerberos is now made available on the returned response objects " + "with the attribute named 'requests_kerberos_context' so WinRM " + "and other similar applications can be implemented external to " + "requests_kerberos." + ) + + def unwrap_winrm(self, host, message, header): + raise NotImplementedError( + "WinRM encryption is no longer supported. The established " + "kerberos is now made available on the returned response objects " + "with the attribute named 'requests_kerberos_context' so WinRM " + "and other similar applications can be implemented external to " + "requests_kerberos." + ) + + def __call__(self, request): if self.force_preemptive and not self.auth_done: # add Authorization header before we receive a 401 # by the 401 handler host = urlparse(request.url).hostname - auth_header = self.generate_request_header(host, request=request, is_preemptive=True) + auth_header = self.generate_request_header(None, host, request=request, is_preemptive=True) log.debug("HTTPKerberosAuth: Preemptive Authorization header: {0}".format(auth_header)) diff --git a/tests/test_requests_kerberos.py b/tests/test_requests_kerberos.py index 0f1c13b..69092c1 100644 --- a/tests/test_requests_kerberos.py +++ b/tests/test_requests_kerberos.py @@ -115,7 +115,7 @@ def test_generate_request_header(self): host = urlparse(response.url).hostname auth = requests_kerberos.HTTPKerberosAuth() self.assertEqual( - auth.generate_request_header(host, response=response), + auth.generate_request_header(response, host), "Negotiate GSSRESPONSE" ) clientInit_complete.assert_called_with( @@ -138,7 +138,7 @@ def test_generate_request_header_init_error(self): host = urlparse(response.url).hostname auth = requests_kerberos.HTTPKerberosAuth() self.assertRaises(requests_kerberos.exceptions.KerberosExchangeError, - auth.generate_request_header, host, response=response, + auth.generate_request_header, response, host ) clientInit_error.assert_called_with( "HTTP@www.example.org", @@ -160,7 +160,7 @@ def test_generate_request_header_step_error(self): host = urlparse(response.url).hostname auth = requests_kerberos.HTTPKerberosAuth() self.assertRaises(requests_kerberos.exceptions.KerberosExchangeError, - auth.generate_request_header, host, response=response, + auth.generate_request_header, response, host ) clientInit_complete.assert_called_with( "HTTP@www.example.org", @@ -568,7 +568,7 @@ def test_generate_request_header_custom_service(self): response.headers = {'www-authenticate': 'negotiate token'} host = urlparse(response.url).hostname auth = requests_kerberos.HTTPKerberosAuth(service="barfoo") - auth.generate_request_header(host, response=response), + auth.generate_request_header(response, host) clientInit_complete.assert_called_with( "barfoo@www.example.org", gssflags=( @@ -633,7 +633,7 @@ def test_principal_override(self): response.headers = {'www-authenticate': 'negotiate token'} host = urlparse(response.url).hostname auth = requests_kerberos.HTTPKerberosAuth(principal="user@REALM") - auth.generate_request_header(host, response=response) + auth.generate_request_header(response, host) clientInit_complete.assert_called_with( "HTTP@www.example.org", gssflags=( @@ -651,7 +651,7 @@ def test_realm_override(self): response.headers = {'www-authenticate': 'negotiate token'} host = urlparse(response.url).hostname auth = requests_kerberos.HTTPKerberosAuth(hostname_override="otherhost.otherdomain.org") - auth.generate_request_header(host, response=response) + auth.generate_request_header(response, host) clientInit_complete.assert_called_with( "HTTP@otherhost.otherdomain.org", gssflags=(